====== SymbolicJS: notes on JavaScript obfuscation ======

Inspired by JSFuck, but here's the rules:

  * 7-bit printable ASCII (32 to 126)
  * No alphanumerics (''[a-zA-Z0-9]''), no spaces, only ''``'' quotes

===== Build some strings with keywords =====

Use either ''`${<code>}`'' or ''(<code>+[])'' to obtain useful keywords:

^keyword^code^
|''[object Object]''|''{}''|
|''true'' |''!``''|
|''false''|''![]''|
|''NaN''|''-`!`''|
|''undefined''|''[]%%[[]]%%''|
|''-Infinity''|''~[]/[]''|

===== Index the strings with numerals =====

^number^code^
|-4|''~-~-~!``''|
|-3|''~-~!``''|
|-2|''~!``''|
|-1|''~``''|
|-0|''-``''|
|0|''+``''|
|1|''+!``''|
|2|''-~!``''|
|3|''-~-~!``''|
|4|''-~-~-~!``''|

===== Build a basic alphabet =====

We can use variables, but only those whose name contains `$` and `_` so we'll use some sort of morse code-based encoding, with `$`=>`.` and `_`=>`-`, and a prefix to differentiate lowercase and uppercase:

^ ^code^
|a|''%%$$_=`${![]}`[+!``]%%''|
|b|''%%$_$$$=`${{}}`[-~!``]%%''|
|c|''%%$_$_$=`${{}}`[-~-~-~-~!``]%%''|
|d|''%%$_$$=`${[][[]]}`[-~!``]%%''|
|e|''%%$$=`${!``}`[-~-~!``]%%''|
|f|''%%$$$_$=`${![]}`[-``]%%''|
|i|''%%$$$=`${[][[]]}`[-~-~-~-~!``]%%''|
|j|''%%$$___=`${{}}`[-~-~!``]%%''|
|l|''%%$$_$$=`${![]}`[-~!``]%%''|
|n|''%%$_$=`${[][[]]}`[+!``]%%''|
|o|''%%$___=`${{}}`[+!``]%%''|
|r|''%%$$_$=`${!``}`[+!``]%%''|
|s|''%%$$$$=`${![]}`[-~-~!``]%%''|
|t|''%%$_=`${!``}`[-``]%%''|
|u|''%%$$$_=`${!``}`[-~!``]%%''|
|y|''%%$_$__=`${-~[]/[]}`[-~-~-~-~-~-~!``]%%''|
|I|''%%_$$=`${~[]/[]}`[+!``]%%''|
|N|''%%__$=``${-`!`}`[-``]%%''|
|O|''%%____=`${{}}`[-~-~-~-~-~-~-~!``]%%''|
|space|''%%____$=`${{}}`[-~-~-~-~-~-~!``]%%''|

Actually, we can just use the ''[a,b]="ab"'' notation to make it way shorter. Note that using ''+[]'' or ''+``'' is now shorter due to the lack of need of parentheses.

<code javascript>
[,$___,$_$$$,$$___,$$,$_$_,$_,____$,____]={}+[], // o,b,j,e,c,t,space,O
[$$$_$,$$_,$$_$$,$$$$]=![]+[], // f,a,l,s
[,$$_$]=!``+[], // r
[__$]=-`!`+[], // N
[,_$$,$_$,,$$$,,,,$_$__]=~[]/[]+[], // I,n,i,y
[$$$_,,$_$$]=[][[]]+[] // u,d
</code>

Of course, a few of those are not needed, can be removed if you don't need them, and those identifiers can always be shorter. We need at least enough to spell ''constructor'' and ''return btoa''. Here's the minimum:

<code javascript>
[,$___,$_$$$,,$$,$_$_$,$_,____$]={}+[], // o,b,e,c,t,space
[,$$_,,$$$$]=![]+[], // a,s
[,$$_$]=!``+[], // r
[$$$_,$_$]=[][[]]+[], // u,n
</code>

<note>Note that we need the ''l'' for ''console.log'', and I'll put it back here, but it's shorter to move the ''i'' to the ''btoa'' call later in this document.</note>

===== Execute arbitrary code =====

Now we have enough letters to execute arbitrary code:

<code javascript>
$=(_=>_)["constructor"] // returns Function
</code>

<code javascript>
$=(_=>_)[$_$_$+$___+$_$+$$$$+$_+$$_$+$$$_+$_$_$+$_+$___+$$_$]
</code>

===== Build more letters =====

We can then use `btoa` to get a lot of the letters we're missing, most notably ''h'' and ''i'' to spell ''return this'', and the ''g'' from ''log''.

<code javascript>
[K,i,g,h]=Function("return btoa")()`*(!` // returns 'Kigh'
</code>

<code javascript>
[,$$$,$__$,$$$$$]=$((_=$$_$+$$+$_+$$$_+$$_$+$_$+____$)+$_$$$+$_+$___+$$_)()`*(!`
</code>

<note>
It's useful to save ''"return "'' for later here. You might want to use another variable name, though.
</note>

===== Build the global object =====

<code javascript>
_=Function("return this")()
</code>

<code javascript>
_=$(_+$_+$$$$$+$$$+$$$$)()
</code>

===== Access global variables and run some code =====

<code javascript>
_["console"]["log"]("hello")
</code>

<code javascript>
_[$_$_$+$___+$_$+$$$$+$___+$$_$$+$$][$$_$$+$___+$__$]($$$$$+$$+$$_$$+$$_$$+$___)
</code>

===== console.log example =====

<code javascript>
[,$___,$_$$$,,$$,$_$_$,$_,____$]={}+[], // o b e c t space
[,$$_,$$_$$,$$$$]=![]+[], // a l s
[,$$_$]=!``+[], // r
[$$$_,$_$]=[][[]]+[], // u n
$=(_=>_)[$_$_$+$___+$_$+$$$$+$_+$$_$+$$$_+$_$_$+$_+$___+$$_$], // $=Function
[,$$$,$__$,$$$$$]=$($$_$+$$+$_+$$$_+$$_$+$_$+____$+$_$$$+$_+$___+$$_)()`*(!` // i g h
$($$_$+$$+$_+$$$_+$$_$+$_$+____$+$_+$$$$$+$$$+$$$$)() // $("return this")()
[$_$_$+$___+$_$+$$$$+$___+$$_$$+$$][$$_$$+$___+$__$]($$$$$+$$+$$_$$+$$_$$+$___) // console.log("hello")
</code>

<code javascript>
[,$___,$_$$$,,$$,$_$_$,$_,____$]={}+[],[,$$_,$$_$$,$$$$]=![]+[],[,$$_$]=!``+[],[$$$_,$_$]=[][[]]+[],$=(_=>_)[$_$_$+$___+$_$+$$$$+$_+$$_$+$$$_+$_$_$+$_+$___+$$_$],[,$$$,$__$,$$$$$]=$($$_$+$$+$_+$$$_+$$_$+$_$+____$+$_$$$+$_+$___+$$_)()`*(!`,$($$_$+$$+$_+$$$_+$$_$+$_$+____$+$_+$$$$$+$$$+$$$$)()[$_$_$+$___+$_$+$$$$+$___+$$_$$+$$][$$_$$+$___+$__$]($$$$$+$$+$$_$$+$$_$$+$___)
</code>